Encrypted pup_save for Puppy 212

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida


#1 Post by kirk »

I've updated the pup_save encryption for 212. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name and a script to create an encrypted pup_save file.

The initrd.gz is about 40k bigger and has the following additions:

cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)


The init script has these changes:

CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
    # pup_save name contains "crypt": use AES and load the modules from the initrd
    CRYPTO="-e aes"
    zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
    zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
else
    CRYPTO=""
fi


if [ "$CRYPTO" != "" ] ; then
    echo -e "\\033[1;31m" >/dev/console
    echo "Loading encrypted pup_save_crypt" >/dev/console
    echo "" >/dev/console
    # losetup asks for the password; loop until the file mounts
    while true; do
        echo "Password: " >/dev/console
        losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
        mount -t ext3 -o noatime,rw /dev/loop1 $EFSMNT
        if [ "$?" = "0" ] ; then
            break
        else
            # wrong password: detach the loop device and ask again
            losetup -d /dev/loop1
            echo "Can't mount file, Try password again." >/dev/console
        fi
    done
else
    # ... (lines not shown in the post)
fi

The pup-save-encryption script is a simplified and improved version of the one I had posted before. I did away with the option to choose a partition for the new pup_save_crypt file because the pup_save files need to be on one partition anyway. Added an option to re-enter your password. Fixed a bug in naming the pup_save_crypt file. Clarified some of the verbiage.


Oops, the forum can't take files over 1MB anymore. I've posted it here:

http://upload2.net/page/download/DZIl8c ... ar.gz.html

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#2 Post by Pizzasgood »

Cool. I finally got around to trying an encrypted pupfile, and it works great. I don't know if the "copy your old file" part worked, because I'm not sure if I chose it or not. :roll: Otherwise, no problems yet.

Assuming nothing pops up before I get around to it, I'll be including this in Pizzapup A.T.E. :)

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#3 Post by PaulBx1 »

kirk, I'm glad you figured out what needed to be changed in the boot script for 212; I certainly had no idea.

However I guess you missed that I responded to your earlier request:
"If this is going to be included in Puppy I would like to see somebody rewrite the encrypt-pupsave script. What I wrote works, but it's not pretty and my scripting skills aren't great."
I rewrote the script and posted it at the end of the thread about the encrypted pupsave for 211. It's a shame we duplicated this effort, although it didn't hurt for me to polish my script writing skills. Perhaps the two can be combined somehow.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#4 Post by kirk »

Pizzasgood, PaulBx1, thanks for checking it out.

PaulBx1, A couple days ago I saw the script you posted. Thanks, it was a help. Especially for figuring out the maximum number of characters for the password. I thought it would probably be best to simplify things so that new users would find it less confusing.

Thanks again guys! :wink:

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

keyboard not working at password prompt

#5 Post by happypuppy »

hello, and thanks for the scripting :)

I'm stuck at the password prompt with no keyboard. Mine is USB and works at the boot prompt prior to the password prompt, and also further on in Puppy if I remove the encrypted save file...

perhaps the usb modules need loading as part of your script ??

I'm running 2.11 and the scripts you released for that version.

thanks

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#6 Post by kirk »

The part I added to the init script comes after the part that lets you choose which pupsave file to use, so the keyboard should be working by then. Did you have more than one pupsave file to choose from? If not you could just make a blank file in the same place as your pupsave file and name it pup-save-test.3fs (that - should be an underscore, don't have that on my keyboard right now), reboot and see if you can choose which pupsave file to use. Also, when you type your password, your typing is not visible so it might seem like the keyboard is not working. But pressing enter should give some indication. I'm out of town right now using a blackberry, so I can't check out the script now. If you still have problems let me know and I'll do some checking when I get back.

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#7 Post by happypuppy »

OK, I made the blank file as you suggested and got the menu prompt, but as with the password prompt I was all locked up...

that is, keyboard not responding, "num lock" stuck on, and have to hard reset to go anywhere...

pc is a Dell dimension 1100 with usb keyboard.

but at the menu prior, for boot parameters, the keyboard works fine.

ps- do you get on well with your blackberry ? i have a zaurus sl-5500 :)

-> oh and i also just upgraded to 2.12, with no difference to this.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#8 Post by kirk »

The part of the init script that handles multiple pupsave files is in the normal init script without encryption. Try it again with the normal initrd.gz and see if you can choose which pupsave file to use. If you can't, post that in the Bugs section so that Barry might get a look at it. I'll take a look at it in a few days too. Thanks for trying it out!

I get the blackberry from my employer, so it's hard to complain about it and I haven't tried anything else like it. Guess it works pretty well.

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#9 Post by happypuppy »

Just tried the original init script, and it works: no lock-up, can select the number for the save file, no problems.

so it must be something in your init...

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#10 Post by kirk »

Happypuppy, I have no idea what's wrong.

I compared the original init with the modified one using Gtkdiff to make sure I didn't accidentally change something. Just the changes I listed on the first post. Those changes come after the part in the init script that asks you which pup_save file to use. Sorry, I wish I could tell you what's up. Might try downloading it again (bad download?). The md5sum of the initrd.gz is:

97d9ceae292a0ada13deff257c7a3e33 initrd.gz

That's just the initrd, not the whole download.

I'll see if I can borrow a USB keyboard from someone. And work on it more.


EDIT: Are you using a frugal install and replacing the initrd.gz with this one or are you re-making the iso?

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#11 Post by happypuppy »

The md5 checks out... perhaps it's to do with how I'm running it...

I'm running off an Apacer 1Gb which I ran syslinux on, then copied the puppy iso contents to root.

renamed isolinux.cfg to syslinux.cfg,

changed one parameter inside:

PMEDIA=usbstorage

That's it, but it may be enough, so perhaps I'll try installing from within puppy...

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#12 Post by happypuppy »

I thought I'd try running dsl, so I set that up (copied the contents of an embedded release to root after format and syslinux).

This gave the same problem, lockup :!: but at the point where you press enter to boot or F2 or F3 for boot time options....

Trying a few more things.

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#13 Post by happypuppy »

Well, I've spent the day mucking around and found out some interesting things...

I burned the live-cd.iso's of dsl and puppy, then installed dsl to my usb from within dsl. This made dsl boot fine, overcoming the lockup problem from before.

Then I tried installing puppy from within puppy but no good. I formatted and repartitioned the drive to start fresh, then ran the installer... it could copy the files on there but not boot, similar problem reported elsewhere on the forum...

So then I read that people had luck installing and booting puppy if installed to a usb drive after dsl had been installed, so I did this and found it worked both with and without the dsl files.

The added surprise/bonus from this was that the loading time of vmlinux and initrd.gz? at the startup was greatly reduced! Instead of waiting up to 30 seconds for the two files to load, they were streaming along and finishing in around 5-7 seconds !! :)

Only let down was that I now wouldn't get any multiple save file choose menu option... just wouldn't appear, and also wouldn't see any encrypted save files there either if they were... I found out this was due to the relatively small set of commands in the syslinux.cfg file created by the puppy installer compared with the one in the iso (isolinux.cfg)...

So I formatted again (FAT), this time with HP utility which I think helped; after having done so much to my drive it needed it...

And then copied the puppy iso contents to the root, renamed and edited syslinux.cfg and ran syslinux on the drive. This then booted fine and gave me the multi-save menu when relevant, but it was locked up, couldn't choose it !! And this was with the standard initrd.gz .... beats me, haven't tested your encrypt initrd.gz this time around as I figure it'll lock as well if the other is too...

But I noticed another thing which may have something to do with it all... when booting with no save files, when it goes through the step where it's loading and looking for save files (and where it would come in with the menu for choosing multiple save files or encrypted password) the num-lock light is locked on, and won't budge...

i think ill leave it at that until i can get on a different computer...

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#14 Post by happypuppy »

well i just found out the loading time is related to syslinux version...

I have been using the win32 .exe from version 2.11, and I noticed the dsl cd mentions 2.04 upon startup, so I downloaded and tried that but I'm not sure if it installed properly over 2.11 so no change... but I also downloaded the latest 3.31, and installed that, and now I get fast as load times, just like when I was running off the dsl install :)

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#15 Post by happypuppy »

btw i actually have 2 dells here, the 1100 i have no luck with and locks up, with the usb keyboard...

but the 2400, works yet it has a ps2 keyboard, i may switch them and check it out....

update:

i just tried the usb keyboard on the 2400, and same lockup problem experienced on the 1100

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#16 Post by GuestToo »

http://syslinux.zytor.com/faq.php
The -s option, if given, will install a "safe, slow and stupid" version of SYSLINUX. This version may work on some very buggy BIOSes on which SYSLINUX would otherwise fail. If you find a machine on which the -s option is required to make it boot reliably ...
maybe Puppy is installing syslinux using the -s option and maybe dsl is installing syslinux without the -s option, and that is the difference

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#17 Post by GuestToo »

deleted

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#18 Post by John Doe »

I'm going to post under this thread for convenience.

Regarding PaulBx1's script:
http://www.murga-linux.com/puppy/viewto ... 9280#79280

line 56:

dd if=/dev/zero of=/mnt/home/$FNAME bs=1024 count=$(($SIZE*1024))

Should /dev/random be used instead? Along the lines of the watermarking mentioned previously, I was thinking that perhaps (although not by design) the ext3 file system or even the files in Puppy itself might function as one big watermark.

Although the act of mkfs with the crypto loopsetup might just fill in crap too but it would probably be better in theory to write the encrypted FS overtop of random data than a blank slate.

happypuppy
Posts: 12
Joined: Fri 01 Dec 2006, 01:24

#19 Post by happypuppy »

GuestToo wrote: http://syslinux.zytor.com/faq.php
The -s option, if given, will install a "safe, slow and stupid" version of SYSLINUX. This version may work on some very buggy BIOSes on which SYSLINUX would otherwise fail. If you find a machine on which the -s option is required to make it boot reliably ...
maybe Puppy is installing syslinux using the -s option and maybe dsl is installing syslinux without the -s option, and that is the difference

I actually couldn't get what the puppy installer did to boot at all...

I had to do it manually: copy iso contents to root usb, rename/edit isolinux.cfg, run syslinux on drive... I was using 2.11 maybe with or without -s...

It's good to know that as I didn't know all the differences...

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#20 Post by kirk »

dd if=/dev/zero of=/mnt/home/$FNAME bs=1024 count=$(($SIZE*1024))

Should /dev/random be used instead?
Sounds like a good idea. I'll update my script.

Thanks
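
The zero-fill versus random-fill question from posts #18 and #20, as an added example that is not part of kirk's or PaulBx1's scripts: it builds a small container both ways, overwrites some blocks as the encrypted loop device would, and counts how many blocks are still readable as untouched. The function names are made up here, random bytes stand in for ciphertext so no root or losetup is needed, and /dev/urandom is used as the fill source (an assumption; the thread says /dev/random, which can block on kernels of that era).

```shell
#!/bin/sh
# Added example; all function names are hypothetical.

# make_container FILE SIZE_MB SOURCE: the dd call quoted in the thread,
# with the fill source passed in instead of hard-coded /dev/zero.
make_container() {
    dd if="$3" of="$1" bs=1024 count=$(($2 * 1024)) 2>/dev/null
}

# simulate_writes FILE NBLOCKS: overwrite the first NBLOCKS 4 KiB blocks in place.
# Random bytes stand in for the ciphertext that mkfs and later file writes
# would put there through the encrypted loop device.
simulate_writes() {
    dd if=/dev/urandom of="$1" bs=4096 count="$2" conv=notrunc 2>/dev/null
}

# count_zero_blocks FILE: number of 4 KiB blocks that are still all zero bytes.
# One dd per block, so run it on small files, not a multi-GB save file.
count_zero_blocks() {
    size=$(wc -c < "$1" | tr -d ' ')
    blocks=$(( (size + 4095) / 4096 ))
    zero=0
    i=0
    while [ "$i" -lt "$blocks" ]; do
        # strip NUL bytes; if nothing is left, the block was all zeros
        left=$(dd if="$1" bs=4096 skip="$i" count=1 2>/dev/null | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$left" -eq 0 ]; then zero=$((zero + 1)); fi
        i=$((i + 1))
    done
    echo "$zero"
}

# untouched_blocks_visible SOURCE: 1 MiB container filled from SOURCE,
# 64 of its 256 blocks "used", then count what still looks unused.
untouched_blocks_visible() {
    tmp=$(mktemp)
    make_container "$tmp" 1 "$1"
    simulate_writes "$tmp" 64
    count_zero_blocks "$tmp"
    rm -f "$tmp"
}

echo "zero fill:   $(untouched_blocks_visible /dev/zero) of 256 blocks readable as unused"
echo "random fill: $(untouched_blocks_visible /dev/urandom) of 256 blocks readable as unused"
```

With a zero-filled file, anyone holding the file can tell which blocks the filesystem has written without knowing the password; with a random fill the used and unused regions look alike.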
